WeVote

Bill

Bill

HB 1549

TO CREATE THE ARKANSAS CYBERSECURITY ACT OF 2025.

2025 Regular Session Introduced by Josh Bryant and 1 co-sponsor

The Arkansas Cybersecurity Act of 2025 creates a State Cybersecurity Office to enhance protections for state agencies against cyber threats and improve overall resilience.

Notification that HB1549 is now Act 489
0
WeVote Research Nonpartisan
Bill Summary · HB 1549

Summary of HB 1549: Arkansas Cybersecurity Act of 2025

Overview

House Bill 1549, now known as Act 489, establishes the Arkansas Cybersecurity Act of 2025. This legislation aims to enhance the cybersecurity framework within the state government, ensuring the protection of digital assets and information systems against cyber threats.

Main Purpose and Intent

The primary intent of the Arkansas Cybersecurity Act of 2025 is to create a structured approach to cybersecurity across state agencies. This includes the establishment of a dedicated State Cybersecurity Office responsible for overseeing and managing cybersecurity efforts, thereby improving the state's resilience against cyber threats.

Key Provisions

The Act introduces several significant provisions, including:

  1. Creation of the State Cybersecurity Office:

    • This office will direct and manage all cybersecurity functions for state agencies.
    • It will be led by the State Information Security Officer.
  2. Duties of the State Cybersecurity Office:

    • Develop and implement cybersecurity governance policies, procedures, and standards.
    • Conduct audits and compliance checks of state agencies regarding cybersecurity practices.
    • Provide resources and support for local, state, and federal agencies, as well as academic institutions and NGOs.
  3. Cybersecurity Governance:

    • Establish minimum cybersecurity standards that state agencies must adhere to, with the option for agencies to adopt stricter measures.
    • Implement a cyber assessment program to identify vulnerabilities and recommend remediation actions.
  4. Reporting Requirements:

    • The State Cybersecurity Office must report audit findings to the Joint Committee on Advanced Communications and Information Technology at least twice a year.
  5. Functional Reporting:

    • Cybersecurity personnel within each state agency will report to the State Cybersecurity Office to ensure alignment with statewide cybersecurity strategies.

Impact

The Arkansas Cybersecurity Act of 2025 will affect:
- State Agencies: All state departments, agencies, divisions, boards, and commissions will be required to comply with the new cybersecurity standards and practices.
- Cybersecurity Personnel: Employees tasked with cybersecurity and information security functions will have their roles aligned with the State Cybersecurity Office.
- Local and Federal Entities: The Act positions the State Cybersecurity Office as a resource for local governments, federal agencies, and other organizations, enhancing collaborative cybersecurity efforts.

Procedural Timeline

  • Introduced: February 20, 2025
  • Passed: The bill underwent multiple readings and amendments before passing through both the House and Senate by April 1, 2025.
  • Enacted: The bill was signed into law and became Act 489 on April 8, 2025.

Conclusion

The Arkansas Cybersecurity Act of 2025 represents a significant step towards strengthening the state's cybersecurity posture. By establishing a centralized office and clear governance structures, the Act aims to protect state information systems and enhance overall cybersecurity resilience.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.